I have been working on developing a PHPFox site and I need some advice for how to get some custom work accomplished.

I can handle making all of the AdminCP adjustments, but I believe I need a capable developer in order to make a few changes to the framework of PHPFox.

I need to keep the website entirely anonymous for users. I can handle the elimination of names and profile pages, but I cannot remove the "Posted by" username display in the marketplace. This is required for my site design.

I also need to create a Private Messaging system for registered site users that is anonymous (does not reveal sender/recipient to users) but allows users to send a message by clicking a button on a marketplace listing and respond by clicking a button in a received message. The system must also have administrative approval for each message to ensure anonymity is upheld by users.

Lastly, since the users will not have a home page, I need someone to help put a landing page in place as the default home page. I will create the page myself. I would also like to create a landing page with a form on it for first time users, that repeat users can circumvent using a cookie. I understand how to create both the pages and the cookie, I just need someone's help to get the code for the pages in the right places.

Any suggestions of reliable developers you have worked with or possible solutions to these issues would be much appreciated.

Thanks

03-10-2014, 01:49 AM

marksimon

AdminCP and server info / script up to date with security releases

Hey Andrew,

If you are running phpfox on Windows server, I don't include windows server stuff here but you can google or ask your server support techs about folder permissions on windows servers.

You loaded or installed a pirated module

You need to ensure that you purchase or download a module/template/whatever directly from the www.phpfox.com site or directly from the 3rd party developer's site that created the product, even if it's a free add on. Do not ever download a “nulled, pirated, hacked, try before you buy” sort of add on that you find on a site that pirates/hacks/nulls scripts. These add ons from pirate sites can contain back doors, malware, trojans or any number of bad things in them. Also, the process of nulling the scripts can also cause them to be unstable and totally mess up your site.

Also, what you have done here is made your site insecure. When you load something with a “back door”, you just gave a hacker the key to your site and a way in. Because you invited this hacker into your site, the script has no way of knowing it is unsafe since you allowed it to be there and by installing the back door module have said it's ok.

You did not keep your script up to date with security releases

If phpFox finds an issue with the script that is of a security nature, they immediately release a patch. This has not happened very often but when it does, they also release a blog about it. This blog shows in your AdminCP in the updates from phpFox. If you do not implement this patch, you leave your site open to whatever vulnerability was fixed.

You modified source files

Here's one that people don't suspect of causing issues other than upgrade issues but it can. What you are doing is hacking into a secure script, and making changes, and possibly making security holes in the process. This is one reason we recommend to never edit source files and instead to use plugins for whatever changes you need made.

You gave out your AdminCP and server info

It is safe to give this info to phpFox technicians through the support channels. It is also ok to give ftp and Admincp info to developers that are installing modules/templates that you have purchased. I recommend having an Admin account set up for developers that you can change to registered user group when that developer is done. Also set up an ftp account just for developers or technicians to use. You can then change the password after the developer or tech is done.

Giving out this information to just any stranger that asks, such as on the phpfox.com forum if a member asks for the information and they are not phpFox staff, you really should not give out this info. This access info if in the wrong hands, can allow someone access to your member info and site files. Be very careful when anyone asks you for log in credentials if they are not staff of phpFox or a developer that you are having do work for you. Also, make sure the developer is reputable and has a good standing within the phpFox community. If they are new to the community, you might want to get recommendations from other customers before giving out the info or make sure you monitor what is being done to your site and change passwords after.

Requirements for the product have become more flexible when dealing with PHP related requirements such as safe_mode or open_base_dir. Using those as an example the product can work with whatever those are set to allowing clients not to worry about if their server has a specific setting enabled or not. Our goal is to have a product that is as flexible as possible to make sure it works on all of the popular hosts today. There is one strict requirement and that in order to run the product you must have PHP5. Past requirements have been PHP 4.3.3, however since PHP5 introduced a wave of improvements when it comes down to OOP we decided it was time we move forward. As for MySQL the same 4.1 is required, although phpFox will support other database drivers and not just MySQL.

When reading this manual it is wise to read everything in order and not skip ahead as items that we cover later on will require knowledge of something you have learned earlier in the manual.

-----
Mark Simon
*** link removed by moderator ***

06-09-2014, 05:29 AM

alexjames212

Hey Andrew,

Did you get your issue resolved? Kindly reply quickly so that i could consider pointing out some possible solutions to this issue.